A Lifecycle-Based Security Threat Model for FPGA in Safety-Critical Systems

Dongmin Kim
Sooyon Seo
Moohong Min
Aram Kim

Keywords

FPGA security, Safety-critical systems, Threat modeling, Hardware Trojans, Side-channel attacks, Lifecycle-based analysis.

Abstract

Field-programmable gate arrays are increasingly adopted in safety-critical systems due to their deterministic execution, low latency, and suitability for rigorous verification and validation. However, prior studies largely focus on individual attack techniques or the operational phase, limiting their ability to capture how security threats are introduced, propagate, and remain dormant across the FPGA development lifecycle. To address this limitation, this paper proposes a lifecycle-based security threat analysis framework that integrates the IEEE Std 1012 verification and validation lifecycle with the FPGA development flow. The proposed framework supports systematic analysis by anchoring the assessment to key development artifacts spanning from design through bitstream generation and operation. By structuring FPGA security threats from a lifecycle perspective, this study provides a foundational analytical framework for systematically analyzing security risks across the FPGA development lifecycle in safety-critical systems.